Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

Dave Crocker <dhc@dcrocker.net> Sun, 29 November 2015 17:25 UTC

Return-Path: <dhc@dcrocker.net>
X-Original-To: shutup@ietfa.amsl.com
Delivered-To: shutup@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B6821A9097; Sun, 29 Nov 2015 09:25:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dymdk3pMRrXa; Sun, 29 Nov 2015 09:25:48 -0800 (PST)
Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0694E1A9053; Sun, 29 Nov 2015 09:25:48 -0800 (PST)
Received: from [192.168.1.87] (76-218-10-206.lightspeed.sntcca.sbcglobal.net [76.218.10.206]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id tATHPlfn028352 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT); Sun, 29 Nov 2015 09:25:47 -0800
References: <alpine.OSX.2.11.1511282155180.1479@ary.lan> <565A7234.7010000@alameth.org> <Eoqbyz/axxwfm7I0m8X7QOm53qcBtCJIuS/eiVFyCig=.sha-256@antelope.email> <072F93223CD351A88ECCDB69@JcK-HP5.jck.com> <etPan.565b31fa.335268bd.11ea@dhcp-whq-twvpn-1-vpnpool-10-159-139-85.vpn.oracle.com>
To: Chris Newman <chris.newman@oracle.com>, ietf-smtp@ietf.org, shutup@ietf.org
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
Message-ID: <565B351B.7090104@dcrocker.net>
Date: Sun, 29 Nov 2015 09:25:47 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0
MIME-Version: 1.0
In-Reply-To: <etPan.565b31fa.335268bd.11ea@dhcp-whq-twvpn-1-vpnpool-10-159-139-85.vpn.oracle.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.17]); Sun, 29 Nov 2015 09:25:47 -0800 (PST)
Archived-At: <http://mailarchive.ietf.org/arch/msg/shutup/VQllune5RwJu_NHsXXWij9W1--w>
Subject: Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)
X-BeenThere: shutup@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: SMTP Headers Unhealthy To User Privacy <shutup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/shutup>, <mailto:shutup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/shutup/>
List-Post: <mailto:shutup@ietf.org>
List-Help: <mailto:shutup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/shutup>, <mailto:shutup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Nov 2015 17:25:49 -0000

On 11/29/2015 9:12 AM, Chris Newman wrote:

> ====
> This WG will investigate mechanisms to conceal the information exposed
> by the submission client's IP address in the mandatory received header
> generated by the submission server. The output of this WG will provide a
> mechanism as effective at tracing abuse and fraud as current use of the
> submission client's IP address. Changing other rules related to received
> headers in SMTP is out of scope for this WG.
> ====


Chris's approach is reasonable, but I fear it is premature.

The foundational issue here is a trade-off between information hiding
and information disclosure.  Privacy vs. ops support.

I've seen essentially no public discussions, here or anywhere else,
about the technical aspects of this policy tradeoff.

Absent some community-based sense of the underlying technical issues
here, targeting a specification is, in my view, not ready for prime time.

d/
-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net